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About This Guide 


This documentation describes how to use Novell Storage Services File System (NSS) to manage pools, 
volumes, and software RAIDs on a Novell Open Enterprise Server (OES) 11 Support Pack 2 (SP2) 
Server. 

¢ Chapter 1, “Overview of NSS AD,” on page 7 

+ Chapter 2, “Planning for NSS AD,” on page 11 

+ Chapter 3, “Installing and Configuring NSS AD,” on page 13 

+ Chapter 4, “Administrative Tasks,” on page 15 

+ Chapter 5, “Troubleshooting,” on page 17 


Audience 


This guide is intended for network administrators. It is intended for security administrators or 
anyone who is using NSS storage objects and is responsible for the security of the system. 


Feedback 


We want to hear your comments and suggestions about this manual and the other documentation 
included with this product. Please use the User Comment feature at the bottom of each page of the 
online documentation. 


Documentation Updates 


The latest version of this NSS File System Administration Guide for Linux is available on the OES 
documentation website. 


Additional Documentation 


For information about planning and implementing storage solutions in Novell Open Enterprise 
Server 11, see the following: 


+ OES 11 SP2: Storage and File Services Overview describes typical requirements for system storage, 
and identifies the various storage products and services in Novell Open Enterprise Server 11 
that address those requirements. 


For more information about services referenced in this guide, see the following: 
+ The OES 11 SP2: Novell Distributed File Services Administration Guide for Linux describes how to 
configure and manage DFS services for NSS volumes. 


+ The OES 11 SP2: Dynamic Storage Technology Administration Guide describes how to configure 
NSS volumes as shadow volumes by using Dynamic Storage Technology. 


+ Novell Archive and Version Services provides interval-based archiving for user data. See the 
OES 11 SP2: Novell Archive and Version Services Administration Guide. 


+ The OES 11 SP2: File Systems Management Guide describes the Novell trustee model and how to 
configure file system trustees, trustee rights, and attributes for NSS volumes. 
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The OES 11 SP2: NCP Server for Linux Administration Guide describes how to manage NCP 
connections for NSS volumes. 


The OES 11 SP2: Novell Linux User Management Administration Guide describes how to Linux- 
enable users. 


The NDK: Virtual File Services (http://www.novell.com/developer/ndk/virtual_file_services.html) 
describes the software APIs for creating software applications and scripts to manage NSS 
volumes and services on Linux and NetWare. 


The NDK: Novell Storage Architecture Component (Media Manager and NWPA) (http:// 
www.novell.com/developer/ndk/ 
storage_architecture_components_%28media_manager_and_nwpa%29.html) describes 
software APIs for creating storage-related applications. 


Novell Storage Services Error Codes (http://www.novell.com/documentation/nwec/nwec/data/ 
al3s3ui.html) 


The SLES 11: Storage Administration Guide (http://www.suse.com/documentation/sles11/ 
stor_admin/?page=/documentation/sles11/stor_admin/data/bookinfo.html) describes storage 
services such as the Logical Volume Manager (LVM), UUIDs, Linux multipath I/O for devices; 
and Linux software RAIDs 0, 1, 5, 6, and 10. 


Logical Volume Management for Linux documentation (http://sourceware.org/Ivm2/). 
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Overview of NSS AD 


This section describes benefits and key features of NSS AD. 


+ Section 1.1, “Introduction to NSS AD,” on page 7 
+ Section 1.2, “Features and Functionality,” on page 8 
+ Section 1.3, “Benefits of NSS AD,” on page 9 


Introduction to NSS AD 


This section describes about the current implementation and the new implementation i.e. Before Vs 
After Scenario. This section describes different aspects of the implementation such as File Access, 
Administration in a Before Vs After Scenario. For eg: 


Current Implementation 


File Access: 
+ Windows can use CIFS and map or use Windows Client via NCP 
+ Mac use AFP or CIFS to map the network drives 
Administration: 


+ Access (giving rights and permissions) mostly using Novell Client. iMan also has the capability 


* Volume creation etc. using nssmu or iman 


New Implementation 


File Access: Win world users (whoever is going through AD) can access only windows servers. Now 
we are creating a bridge between eDir and AD. We are enabling NSS file system also to accept AD 
users. NCP and AFP cannot be used. Only CIFS can be used. With CIFS, from a Win workstation, a 
Win user who is authenticated to AD can directly come and access OES NSS volume. Earlier this was 
not possible. From a windows client you could access earlier also but you needed to log in to 
eDirectory. Now, you can log in to AD but still access NSS volumes. 


Administration: Using rights management tool/ACL tool. 
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1.2 


1.2.1 


1.2.2 


1.2.3 


Features and Functionality 


This section describes the various features and functionality of NSS AD. 


+ Section 1.2.1, “Unified Authorization Model,” on page 8 
+ Section 1.2.2, “Unified File Experience System,” on page 8 
¢ Section 1.2.3, “Understanding the Differences in OES and OES 2015,” on page 8 


Unified Authorization Model 


As per new architecture, one copy of ACLs shared between CIFS and NSS (This is for both eDir and 
AD users) and it is maintained in NSS. But NCP still has a diff copy. 


The way NSS and NCP work is going to be the same. For example, if trustee changes are triggered 

using imanager, it actually triggers it using NSS and NSS will send an event to update NCP. If it is 

triggered thru novell client, then NCP server gets notified first, it would update its copy and notify 
NSS.So, interactions between NCP and NSS did not undergo any change. 


How will this benefit the customer in terms of out of sync issues etc. 


Unified File Experience System 


NIT provides UID mgmt. It is an identity broker for both edir and AD. If a UID does not exist in the 
directory sources it would generate it. NIT servers two purposes: 


+ There are multiple pieces of identity for a single user object (UID,SID,GUID,DN). It would 
provide an interface where you can get a mapping ie. u can go with one piece of info and get the 
other piece of info. 


+ U also need a UID for the actual authorization to work. 
How is IDS/NIT going to help the customer? 


From a management standpoint users don't have to worry about LUM-enabling for the eDir world 
cause the NIT piece will transparently take care of it. Users will see a consistent exp of CIFS access. 
They don't have to know or worry about LUM. 


NIT Manpages 


Brief about NIT and the need for it. 


Understanding the Differences in OES and OES 2015 


The table below explains the different aspects of your implementation in the existing network and 
how it differs in the new implementation scenario: 


Table 1-1 Features and Functionality 


Features Current Implementation New Implementation 


File Access CIFS, AFP CIFS 
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Features Current Implementation 


1.3 Benefits of NSS AD 


NSS AD provides the following benefits: 


¢ This will make OES very secure 
+ More reliability 
+ Will Reduce the administrative complexity 


+ Kerberos-based authentication. 


New Implementation 
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2.1 


2.2 


2.3 


2.3.1 


2.3.2 


Planning for NSS AD 


Use the information in this section to plan your NSS AD deployment. 


+ Section 2.1, “Hardware Requirements,” on page 11 
+ Section 2.2, “Software Requirements,” on page 11 


+ Section 2.3, “Planning for NSS AD Setups,” on page 11 


Hardware Requirements 


This section describes the hardware requirements that your system must meet 


Software Requirements 


This section describes the software requirements for installing and configuring NSS AD. 


eDir versions etc. 


Planning for NSS AD Setups 


Describes the planning required for NSS AD setups. 


+ Section 2.3.1, “Planning for eDir,AD,IDM scenario,” on page 11 

+ Section 2.3.2, “Planning for AD,” on page 11 

+ Section 2.3.3, “Planning for eDir and AD scenarios,” on page 12 

+ Section 2.3.4, “Upgrade and Migrate Considerations,” on page 12 


+ Section 2.3.5, “Cluster Preparations,” on page 12 


Planning for eDir,AD,IDM scenario 
eDir IDM AD, we could have common name to be the primary key for synchronization between eDir 


and AD. Common name would be used to create a user there and it is also used to sync. You can also 
use UID, SAM account and so on. 


Planning for AD 


a)Kerberos, DNS settings, OES server should be part of the same DNS server as that of AD 
b)What is the impact of ADC and PDC. 


Planning for NSS AD 11 


2.3.3 Planning for eDir and AD scenarios 


Describes what is needed in an eDir and AD scenario. 


2.3.4 Upgrade and Migrate Considerations 


a)clients supported (NCL, Windows Client should anything be done on the client side?) 
b)preparation work: schema extension, certificated related. 
c)planning the media upgrade 


d)NIT UID range mapping 


2.3.5 Cluster Preparations 


Describes what is needed in a cluster setup. 
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3.1 


Installing and Configuring NSS AD 


This section describes how to install and configure NSS with AD. 


Installing NSS with AD 


<link to NSS guide> 


Installing and Configuring NSS AD 


13 


14 OES 11 SP2: NSS File System Administration Guide for Linux 


4.1 


4.2 


4.2.1 


4.2.2 


4.3 


Administrative Tasks 


This section identifies the various tools for managing the Novell Storage Services file system. Storage 


administration still needs imanager but for file access we no longer need iManager. 


+ Section 4.1, “Storage Administration,” on page 15 
+ Section 4.2, “Rights Management,” on page 15 

+ Section 4.3, “User Management,” on page 15 

+ Section 4.4, “Auditing,” on page 16 

+ Section 4.5, “Backup and Antivirus,” on page 16 


+ Section 4.6, “License Checker Tool,” on page 16 


Storage Administration 


Rights Management 


Describes tools used for rights management aspects. 


+ Section 4.2.1, “Rights Management Utility,” on page 15 
+ Section 4.2.2, “ACL Mapping Tool,” on page 15 


Rights Management Utility 


About rights management utility with links to NSS guide. 


ACL Mapping Tool 


About ACL mapping tool with links to NSS guide 


User Management 


Describes user management aspects. 


+ Section 4.3.1, “AD User Management,” on page 16 
+ Section 4.3.2, “NIT,” on page 16 


Administrative Tasks 


15 


16 


4.3.1 


4.3.2 


4.4 


45 


4.6 


AD User Management 


About AD user management using MMC with links to microsoft documentation. 


NIT 


Brief about NIT with link to manpages in NSS guide. 


Auditing 


How to audit the servers. 


Backup and Antivirus 


About backup and antivirus. 


License Checker Tool 


How to use the license tool if it is part of OES. 
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Troubleshooting 


This section describes some issues you might experience using Novell Storage Services (NSS) with 
AD and provides suggestions for resolving or avoiding them. 


For additional troubleshooting information, see the Novell Support Web site (http:// 
support.novell.com). 
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